1 Introduction

Every day, administrators face the challenge of having to administer a large number of remote computers. This document provides an overview of the fundamental possibilities for the administration of remote computers based on different protocols (RDP, ICA, VNC, Telnet, SSH, HTTP/S). It also looks at how administration tools can contribute to significantly higher efficiency and effectiveness of IT operations (as exemplified by the visionapp Remote Desktop admin tool).

2 Overview of Administration Tools

This section presents the most common tools used for the administration of remote systems. A major drawback of most applications is that they have to be started and used in parallel. Normally, it is not possible to start different tools from one console, manage login credentials centrally or use them automatically for connection purposes.

One exception to this is visionapp Remote Desktop: the administrator is able to use different protocols, store login credentials centrally and assign them to different connection objects. In addition, various useful functions provide assistance in daily administration work.

2.1 RDP Administration Tools

Remote Desktop Protocol (RDP) is a network protocol from Microsoft used to display and control desktops on remote computers. It sets the rules for addressing and using Microsoft Terminal Services.

Whoever wants to use Microsoft's Remote Desktop Connection tool has to manually enter the name of the remote computer and the login information. This method is rather cumbersome, in particular if different settings are to be used depending on the target system.

Fig. 1: Remote Desktop Connection from Microsoft

Alternatively, the RDP connections can be saved in separate files, which in turn can be saved in different folders. When handling a large number of systems, there is a risk that the file and folder structure rapidly becomes confusing and difficult to maintain.

These tasks can be organized somewhat more efficiently with the Remote Desktop Management Console included in the Windows Server 2003 Administration Tools Pack or as snap-in directly under Windows Server.

Fig. 2: Microsoft Management Console Remote Desktops

Managing login credentials and folder structures is not possible

However, it is not possible to reasonably organize the connection objects in additional hierarchical structures. Moreover, login credentials have to be assigned to all objects separately; all in all, a very cumbersome and inflexible way to work.

2.2 Access via ICA

Independent Computing Architecture (ICA) is a protocol for a terminal server / application service providing system developed by Citrix Systems. The protocol sets a specification for the transmission of data between the server and clients, but it is not bound to any specific platform.

ICA-compliant application products include Citrix WinFrame, MetaFrame and Citrix Presentation Server products. These products make it possible to run common Windows applications on an appropriate Windows server (or Unix derivative applications on an appropriate Unix derivative server), with any supported client able to access these applications. The client platform does not necessarily have to be Windows; clients for Macintosh and Unix, for example, are supported as well.

Fig. 3: ICA Client Properties

2.3 VNC Management Tools

Virtual Network Computing (VNC) is software that displays the screen of a remote computer on a local machine and, in return, sends the local keyboard inputs and mouse movements to the remote computer. This lets you work on the remote computer as if you were sitting at it.

Unlike other remote maintenance software, VNC is independent of the platform used. All it requires is running the server component on the remote system and the client component on the local computer.

Known VNC programs that can be used both as server and as client include, for instance, RealVNC, TightVNC or UltraVNC.

Fig. 4: RealVNC Configuration

2.4 Telnet and SSH Management Tools

Telnet (Telecommunication Network) is the name of a network protocol widely used on the Internet. It is based on a character-oriented data exchange between the client and the server through a TCP connection. Because it lacks encryption, it is gradually being replaced by the Secure Shell protocol.

Typically, Telnet is used to establish connections between text terminals and remote computers via a network. Either a terminal emulator establishes the connection and performs the tasks of the terminal, or a terminal is connected to a terminal server that takes care of establishing the connection.

Secure Shell or SSH refers to both a network protocol and the corresponding programs that make it possible to establish a secure connection to a remote computer. This method is often used to bring a remote command line to the local machine, i.e. the remote console outputs are redirected to the local machine. In other words, the local console displays the remote output while the local keyboard inputs are sent to the remote computer.

SSH allows for a secure, authenticated and encrypted connection between two computers via an insecure network. Thus, it serves as a replacement for the earlier rlogin, telnet and rsh protocols, which transmit the entire network traffic without encryption, including passwords.

The original purpose was to log on to remote computers via a network (usually the Internet), but SSH-2 in particular is not limited to terminal functions.

Both Telnet and SSH can be used through the free PuTTY tool, a popular SSH and Telnet client.

Fig. 5: PuTTY Configuration

2.5 Administration via HTTP/S

In a server-based network, the server components in particular have to be available around the clock. For instance, the domain controller in a global corporation must be able to handle user logins at all times.

For the remote maintenance of servers, desktop control, monitoring and file access services alone are not necessarily sufficient to ensure a quick response to server errors or to perform server management efficiently. When a server crashes, when SCSI, RAID or system BIOS settings need to be reconfigured, or when the server is infected with a virus, traditional remote maintenance services are of no real help, as they all depend on the server running.

Using a Server Management Board, however, the server can be accessed and remotely maintained or administered at any time, even when the operating system is down. To do so, a connection is established via HTTP or HTTPS following authentication with a username and password.

Moreover, in today's offices many of the existing end devices such as copiers or printers are equipped with a browser-based interface. Through it, the status and additional information can be retrieved via HTTP.

Fig. 6: Remote Management of a Copier

3 Added Value Through visionapp Remote Desktop 2010

With visionapp Remote Desktop 2010 (vrd 2010) the administrator is able to simplify and automate many of his activities, thus saving time every day.

For instance, it is possible to manage all connections in a hierarchical structure of folders and subfolders. This makes locating individual connections much easier and also greatly simplifies management. It is also possible to assign login credentials to these connection objects or to entire folders. In addition, the objects can be freely rearranged at any time, for instance to respond to changing business requirements. Also, any new connection object can automatically inherit the settings of the folder where it is located.

A further advantage of vrd 2010 is that it allows the administrator to quickly switch between simultaneously open connections. Each active connection is displayed in a tab, in a separate window or in full-screen mode. In the tree view, administrators have a complete overview of all connections and their status.

Fig. 7: Overview of the vrd 2010 User Interface

3.1 News and Update Page

Using the News and Update page available directly in vrd 2010, the administrator is provided with current information on updates and the latest tools in real time. It also provides useful tips and tricks on how to use this remote admin tool.

Fig. 8: News and Update Page

3.2 Bulk Import of Servers

A real challenge for any administrator is importing huge numbers of servers. As the standard Microsoft tools require every single connection object to be created manually, any form of assistance in this area is likely to be at the top of the administrator's wish list.

A particularly user-friendly solution is a direct import from the company's Active Directory using a CSV file, as made possible by vrd. During the import, the connection settings for the imported objects can be set separately, irrespective of the settings previously made in vrd.

3.3 Database Access for Increased Flexibility

Depending on the size of the IT infrastructure to be managed, several administrators may have to be able to access the same connections at the same time. This requires saving all settings (login credentials and connection objects) in a central database, password-protected for security reasons.

To prevent unauthorized use of vrd 2010, users or user groups can be given specific administrative permissions that limit access to only the objects they actually need for their work.

Fig. 9: Administrative Permissions in vrd 2010

In addition, database mode offers further benefits: logging events, changes and activities ensures the traceability of all operations at all times. Together with the connection history, this provides the administrator with a perfect overview, which greatly facilitates troubleshooting in the event of an error.

3.4 Display Options

The more complex the IT infrastructure, the more difficult it is for administrators to keep track of operations. The overall view of all connected servers, as offered by vrd 2010, is of great help.

A wide range of display options makes it possible to rearrange all active connections in different ways, and switching between the different display options is just a few clicks away. In addition, the administrator can arrange connections individually, for instance to get an overall view of all computers. It is also possible to use colored tabs for more clarity and to have the tab title display both the protocol and the login credentials used.

Fig. 10: Custom Display in vrd

3.5 Connection Settings

A major improvement for administrators is the possibility to carry out administrative tasks simultaneously. For instance, vrd 2010 lets you connect or disconnect all servers within a folder simultaneously with a simple double-click. Also, the Quick Connect feature makes it possible to start an individual connection without having to create a server object first.

When a server has to be restarted, vrd 2010 automatically reconnects to this system, i.e. a manual reconnection is no longer required. And for a better overview, the restart of the server is identified in the tree structure by an appropriate icon.

Regardless of the specific settings stored for a connection, vrd 2010 lets you freely select the display mode, the login credentials or the connection protocol from the context menu. The configured settings do not have to be changed to do so.

3.6 Configuration Settings

For administration purposes it is often necessary to have direct access to a server's console, e.g. to terminate an open local connection. Furthermore, with vrd 2010 it is possible to automatically start remote servers through Wake-on-LAN (Magic Packet) and their MAC address. Moreover, vrd 2010 makes it possible to manage running servers through an existing Management Board (via HTTP or HTTPS).

Default settings such as the color depth, the availability of local drives in the remote session or display options (full screen, separate window, tabbed view) are very easy to set and are automatically applied to all new connections. With the display options set accordingly, the view of a remote desktop is automatically adjusted to the tab size in vrd.

3.7 Security

A major issue in the administration of large infrastructures is so-called orphaned connections. To provide a solution to this issue, vrd 2010 displays all currently active connected users right underneath the server object. If no active connection to the remote computer is available to the administrator, the still active user sessions are nonetheless displayed underneath the corresponding connection object. From here the administrator can send messages to these users or log off their sessions in order to be able to perform specific tasks in the proper way.

In addition, when accessing remote computers via RDP, the administrator can use secure server authentication or the Network Level Authentication (NLA) feature. If the RDP port is not to be accessible from outside through the company's firewall, the administrator can use a Microsoft Terminal Services Gateway to access in-house terminal servers. Moreover, when using VNC or ICA as the connection protocol, the administrator is still able to send data encrypted.
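The RDP options named above (server authentication, NLA, Terminal Services Gateway, stored login credentials, local drives in the remote session) are also visible in saved .rdp connection files, so a collection of such files can be checked automatically. The following is an added example, not part of the original whitepaper and not vrd code; the function names, finding labels, host names and the sample file contents are constructed for illustration.

```python
"""Audit saved .rdp connection files for weak security settings (added example)."""

# An .rdp file holds one setting per line in the form  name:type:value
# (type i = integer, s = string, b = binary blob).
# Constructed sample: a connection file with weak settings.
WEAK_RDP = """\
full address:s:ts01.example.internal:3389
authentication level:i:0
enablecredsspsupport:i:0
gatewayusagemethod:i:0
password 51:b:PLACEHOLDER-ENCRYPTED-BLOB
drivestoredirect:s:*
"""

# Constructed sample: the same connection with hardened settings.
HARDENED_RDP = """\
full address:s:ts01.example.internal
authentication level:i:1
enablecredsspsupport:i:1
gatewayhostname:s:tsgw.example.com
gatewayusagemethod:i:1
drivestoredirect:s:
"""


def parse_rdp(text):
    """Return the settings of one .rdp file as {name: value} (names lower-cased)."""
    settings = {}
    for line in text.splitlines():
        # Split on the first two colons only: values such as host:port keep theirs.
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            name, _type, value = parts
            settings[name.strip().lower()] = value.strip()
    return settings


def audit_rdp(settings, require_gateway=True):
    """Return a list of finding labels for one parsed .rdp file."""
    findings = []
    # authentication level 0 = connect even if server authentication fails
    # (1 = refuse the connection, 2 = warn the user).
    if settings.get("authentication level") == "0":
        findings.append("server-auth-not-enforced")
    # enablecredsspsupport 0 = CredSSP, and with it NLA, is switched off.
    if settings.get("enablecredsspsupport") == "0":
        findings.append("nla-disabled")
    # "password 51" holds a stored, encrypted password inside the file.
    if "password 51" in settings:
        findings.append("stored-password")
    # No gateway host, or gatewayusagemethod 0 (do not use a gateway).
    if require_gateway and (
        not settings.get("gatewayhostname")
        or settings.get("gatewayusagemethod") == "0"
    ):
        findings.append("no-gateway")
    # A non-empty drivestoredirect maps local drives into the remote session.
    if settings.get("drivestoredirect"):
        findings.append("drive-redirection")
    return findings


def audit_text(text, require_gateway=True):
    """Parse and audit the contents of one .rdp file."""
    return audit_rdp(parse_rdp(text), require_gateway)


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_RDP), ("hardened", HARDENED_RDP)):
        print(label, audit_text(sample))
```

Files written by the Microsoft client are often UTF-16 encoded, so decode them accordingly before passing the text to audit_text.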

3.8 Reporting

Environments with a very large number of servers in particular require a comprehensive reporting function. With vrd 2010, the last connections used are displayed in the connection history, including the user and the login credentials used. This makes it possible to locate them very quickly and reconnect from there if required.

Fig. 11: Connection History in vrd

3.9 Backup and Restore

It is possible to export connection objects to a file and, for instance, re-import them on another PC. Furthermore, a complete backup can also store the login credentials. To prevent unauthorized access to such sensitive company information, the data is encrypted (256-bit AES) and password-protected.

The data can be used in both local and database mode. In the latter case, login credentials can only be viewed by other administrators if they have been defined as public.

4 External Applications

To administer computers running different operating systems such as Windows, Mac OS, Unix, Linux, etc., today's administrators need to deal with a wide range of protocols and tools. To cope with increasing requirements related to security and globalization, the administrator has to take on an increasing number of responsibilities and tasks. In order not to lose track, he has to rely on a variety of administration tools that run independently of each other. And he has to keep a permanent eye on these tools to stay informed of the state of the network and the different systems.

To do so, he may use administration tools such as the Computer Management tool as a Microsoft Management Console snap-in. In this case, however, he will first have to manually specify the name of the remote computer to be administered before he is able to access it.

Fig. 12: Computer Management as an example of an additional administration tool. The computer to be administered has to be selected manually.

As opposed to this, vrd 2010 makes it possible to open an external application such as the Computer Management tool together with a connection, automatically passing in the name of the computer to be administered. All this requires is storing the appropriate variable (here %computername%) in vrd.

Fig. 13: Settings for the External Computer Management Application

Another scenario is alternating access to various sites, e.g. as a service provider. To this end, you first need to set up a secure connection through a VPN tunnel and then establish the connection to the remote systems. Without vrd 2010, this requires a number of manual steps:

Steps prior to access to the system
> Starting the VPN client
> Establishing the VPN tunnel
> Starting the RDP connection to the remote computer
> Entering the login credentials
> Accessing the remote computer

Steps after completion of work
> Logging off from the remote computer
> Disconnecting the RDP session
> Launching the VPN client
> Disconnecting the VPN tunnel

With vrd 2010, all of these steps can be automated. Thus, in the example below, two external applications are assigned to the connection object. The first one (VPN Start) is automatically started before the actual connection to the remote server is established; the other one (VPN Stop) is called when the connection is to be disconnected:

Fig. 14: Assigning External Applications to an Existing Connection

In addition, by assigning the appropriate login credentials it is possible to have the system automatically log on the corresponding user when the connection is activated.

Fig. 15: Assigning Login Credentials to an Existing Connection for Automatic Login

Besides these examples, there is a multitude of other applications that can be used in vrd.

Fig. 16: Integrating External Applications in vrd 2010 (e.g. Ping, System Monitor, FTP Client)

5 Disclaimer

Disclosure and Warranty

The information, concepts, and ideas contained in this document are the property of visionapp AG. No part of this document may be disclosed or reproduced in any form without written permission of visionapp AG. Any violation thereof will be pursued. All brand names and product names used in this document are trademarks of their respective holders and are recognized as such.

Any product descriptions or representations in this document are for identification purposes only and are not to be construed as a warranty of specific properties or guarantee or warranty of any other type. visionapp shall assume no liability, either explicit or implied, for the documentation.

All rights reserved visionapp AG, October 2009

About visionapp

visionapp specializes in the design, implementation and operation of server-based infrastructure and portal solutions based on Microsoft and Citrix technologies. The company provides unique products and services for optimization and cost-effective administration of Windows Terminal Server infrastructures. visionapp Application Delivery Management Suite including visionapp Server Management and visionapp Workspace Management as well as consulting and ASP services form the core business.

The visionapp products and solutions will be provided through a worldwide certified partner network. Only in Germany visionapp delivers products and solutions directly to large enterprises. The SME market is also being supplied through certified partners.

Further Information

visionapp AG
Head Office Frankfurt am Main
Helfmann-Park
Eschborn
Germany
web:
